Privacy Policy

This privacy policy explains how YourContractGuard (“we,” “us,” operated by the entity identified at the bottom of this page) collects, uses, and protects the information you provide when you use yourcontractguard.com and our analysis service (together, the “Service”).

One-line summary. We keep what you give us, we don't sell it, we don't use it to train AI models, you can delete it whenever you want.

1. Data we collect

We collect only what the Service requires to function:

• Account data — email address, hashed password (or an OAuth identifier if you sign in with Google), optional display name.
• Contract content — the documents you upload or the text you paste in order to receive an analysis. Stored encrypted at rest (AES-256) and never shared with third parties beyond the AI processing described below.
• Analysis metadata — how many contracts you've analyzed this month, processing timestamps, detected language, and the structured risk findings we return to you.
• Payment data — if you subscribe to Starter, Pro, or Enterprise, Stripe processes payment directly. We store only your Stripe customer ID, the billing interval, and subscription status; we never see your full card number.
• Minimal technical data — IP address on each request (used for rate limiting and security), user-agent string, and aggregate page-view analytics via Plausible (cookieless) and Vercel Analytics.

2. What we don't do

• We don't sell or rent your personal data to anyone, ever.
• We don't use your contracts to train any AI model — ours or anyone else's.
• We don't ship advertising cookies or third-party tracking pixels.
• We don't enrich your profile from data brokers.

3. How we use your data

Strictly for operating the Service: authenticating you, running the contract analysis, showing you your history, processing billing, responding to support requests, and improving the product via aggregate (not individual) usage patterns.

4. AI processing

The analysis is performed by Anthropic's Claude via their API. When accessed via API (as we do), Anthropic's terms specify that submitted content is not used to train their models. Clause text is sent to Anthropic over TLS and is not retained beyond the time needed to produce the analysis.

5. Where your data lives

Contracts are stored encrypted in Cloudflare R2 (S3-compatible object storage), located in the regions offered by Cloudflare. Analysis results live in a PostgreSQL database hosted by Neon / Supabase. All traffic between you, our servers, and any processor is protected by TLS 1.2 or higher.

6. Data retention

• Contracts and analyses: kept until you delete them. You can delete any single contract from your dashboard, or delete your entire account and have everything removed within 30 days.
• Payment records: retained as required by applicable tax and accounting law.
• Security logs (rate-limit, login attempts): 90 days.

7. Your rights

Under GDPR, KVKK (Türkiye), UK GDPR, and similar frameworks you can:

• Request a copy of all data we hold on you.
• Ask us to correct inaccurate information.
• Delete your account and all associated data.
• Object to processing or ask us to restrict it.
• Lodge a complaint with your local data-protection authority.

Email privacy@yourcontractguard.com and we'll respond within 30 days.

8. Cookies

We use one functional cookie (next-auth.session-token) to keep you signed in. No advertising cookies, no analytics cookies — Plausible runs without cookies. See the Cookie Policy for specifics.

9. Children

The Service is not directed at anyone under 16. We do not knowingly collect data from minors. If you believe a minor has created an account, email us and we'll delete the account.

10. Changes

If we make a material change to this policy, we'll email registered users at least 14 days before the change takes effect. The date at the top of this page always reflects the current version.

11. Controller & contact

The data controller is the operator of YourContractGuard. For privacy matters, email privacy@yourcontractguard.com.

This policy is a good-faith summary of how we intend to operate. Before handling production personal data at scale, it should be reviewed by qualified counsel in your operating jurisdiction.